Computer Engineering and Applications, 2007, Vol. 43, Issue (34): 138-140.

• Network, Communication and Security •

Fine-grained role-based access control model

LIAO Jun-guo¹,², HONG Fan¹, XIAO Hai-jun¹, ZHANG Zhao-li¹

  1. College of Computer Science & Technology, Huazhong University of Science & Technology, Wuhan 430074, China
  2. School of Computer Science & Engineering, Hunan University of Science & Technology, Xiangtan, Hunan 411201, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-12-01 Published: 2007-12-01
  • Contact: LIAO Jun-guo

Abstract: RBAC is a widely used access control model. However, RBAC administers and controls privileges at the role level, so it cannot meet security requirements such as letting a user obtain only part of a role's privileges or letting a role inherit only part of another role's privileges. To address this issue, an element called the importance level of a privilege is added to the RBAC model, yielding a fine-grained role-based access control model, denoted FGRBAC. Algorithms for computing the set of privileges belonging to a user or to a role in FGRBAC are given. In FGRBAC, a user can obtain part of a role's privileges, and a parent role can inherit part of a child role's privileges. RBAC can be treated as a special case of FGRBAC. FGRBAC therefore has all the advantages of RBAC while being more flexible and practical.

Key words: RBAC, FGRBAC, importance level of privilege
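
The abstract does not give the paper's algorithms, so the following is an added sketch of the idea and not the authors' code. It assumes an integer importance level per role privilege (higher means more sensitive) and a clearance on each user assignment and inheritance edge; the class, role and privilege names are hypothetical.

```python
from collections import defaultdict

FULL = float("inf")  # clearance that lets every privilege through (plain RBAC)

class FGRBAC:
    """Assumed semantics: a privilege passes an assignment or inheritance
    edge only if its importance level is <= the clearance on that edge."""
    def __init__(self):
        self.role_privs = defaultdict(dict)  # role -> {privilege: importance}
        self.inherits = defaultdict(dict)    # parent -> {child: edge clearance}
        self.user_roles = defaultdict(dict)  # user -> {role: clearance}

    def grant(self, role, privilege, importance):
        self.role_privs[role][privilege] = importance

    def inherit(self, parent, child, clearance=FULL):
        self.inherits[parent][child] = clearance

    def assign(self, user, role, clearance=FULL):
        self.user_roles[user][role] = clearance

    def role_privileges(self, role, clearance=FULL, _path=()):
        if role in _path:  # ignore cycles in the role hierarchy
            return set()
        own = self.role_privs.get(role, {})
        out = {p for p, level in own.items() if level <= clearance}
        for child, edge in self.inherits.get(role, {}).items():
            # A privilege must pass every clearance on the path to it.
            out |= self.role_privileges(child, min(clearance, edge),
                                        _path + (role,))
        return out

    def user_privileges(self, user):
        out = set()
        for role, clearance in self.user_roles.get(user, {}).items():
            out |= self.role_privileges(role, clearance)
        return out

def build_sample(edge_clearance=2, bob_clearance=1):
    """Constructed sample policy: manager is the parent role of clerk."""
    m = FGRBAC()
    m.grant("clerk", "read_ledger", 1)
    m.grant("clerk", "post_entry", 2)
    m.grant("clerk", "approve_payment", 3)
    m.grant("manager", "sign_report", 1)
    m.grant("manager", "close_books", 3)
    m.inherit("manager", "clerk", edge_clearance)  # partial inheritance
    m.assign("alice", "manager")                   # full role membership
    m.assign("bob", "manager", bob_clearance)      # partial role membership
    return m
```

Calling `build_sample(FULL, FULL)` removes every restriction, which is the sense in which plain RBAC appears as a special case under these assumptions.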